CVE-2015-3649

Name of the Vulnerable Software and Affected Versions open-uri-cached rubygem (affected versions not specified)

Description The issue allows local users to execute arbitrary Ruby code. This is achieved by creating a directory under /tmp with a specific name, including "openuri-" followed by a crafted UID. Once a meta file is created in this directory, an attacker can place Ruby code there, which will then be executed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.